Category: .NET Framework


How to support TLS PSK in C# (Pre-shared key)

TLS PSK (Pre-shared key) support in C# and .NET is very hard to come by. And is not natively supported. The SSLStream class in both .NET framework and .NET Core does not currently support getting SSL/TLS connections with the PSK or PSK-DHE Ciphersuites. The TLS-PSK implementation in OpenSSL has seen many security flaws in recent years, mostly because it is used only by a minority of applications. Please consider all alternative solutions before switching to PSK ciphers. To actually make this work you have to look for alternatives such as SSL termination proxies, or other programming languages all together. Resources to look into: wolfSSL C# Wrapper The wolfSSL C# wrapper gives the ability to make use of the TLS/SSL security perfected from IoT and embedded devices in C# development....

The most dangerous constructor in .NET 12

The most dangerous constructor in .NET

You should never instantiate a X509Certificate2 with the “new” keyword if you can avoid it, it is one of the most dangerous constructors in .NET – X509Certificate2, and if you do, you must be aware of these gotchas. Doing this wrong can mean you flood your disk with one-time use files, that are never removed. If you load in a new X509Certificate2 from a file by calling the public X509Certificate2 (string fileName, SecureString password); constructor, or similar constructor then you will without knowing it, create a brand new file on your disk, and this will happen every time you new it up. When you instantiate a X509Certificate2 from disk, say from a .pfx file, a new storage file of 3-4kb will be created in one of the following places depending...